FS#2528 - New user registration doesn't check for duplicate usernames

Expected behavior:Username gets red and a note appears that username already is taken

Experienced behavior:Username gets green and registration of a new user proceeds with sending a notification mail with confirmation code.After putting in the confirmation code in provided page, user gets presented a “username is already taken, choose another” (where?) message, and has to re-start registration process from beginning and hopefully this time choose a not taken name.

Was this done for security reasons to make it a bit harder to collect usernames in Flyspray by brute trying names here? Or they just forgot the registration use case and had only the user registration forms( single and bulk ) in the admin area in mind?

Also the function checkname() shows an error in the browsers javascript console because there is no variable booler defined. (try userö with the ö umlaut for instance). Probably copy&paste error from function allow(booler) in js/functions.js ...

Maybe allow accessing the js/callbacks/searchnames.php also as guests when Flyspray is configured for self registering of users and deny it for guests in more restricted Flyspray configurations as a compromise?

Maybe it has to do with if a temporary entry yet in the registration table exists or not beside entries in user table.

Maybe also check that case: When 2 different people try to register a not yet existing username with the same username when registration requires email verification code, in this case the first dude finishing the complete registration should win and the other dude later looses and must retry the registration steps, right?

I reproduced the problem of registration email even username exists now: When someone tries to register an existing username (disable javascript in browser and no captcha stuff enabled to reproduce), an entry into the registrations-table is made even it is completely useless.

When someone tries this a second time with that username, the existing entry in the registrations table is detected and a normal 'username taken' response is made.